Online auction site eBay has become the latest cybercrime victim, hacked by computer pirates who gained access to personal information on the site’s 148 million active users. According to a report Wednesday from Reuters, as carried on MSN News, the attack occurred months ago – between late February and early Match – but the site just recently learned of their gap in security.
As a result of the hack, eBay has urged all users to immediately change their passwords, though the late announcement of the breach has some wondering if their accounts have already been used fraudulently. Ebay said this week that a “large number of accounts may have been compromised,” but according to MSN, the spokesperson would not identify the exact amount. According to eBay, information at risk includes user names, mailing and email addresses, dates of birth, phone numbers and passwords. PayPal and other banking information is not thought to be in danger at this time.
“For the time being, we cannot comment on the specific number of accounts impacted,” eBay spokesperson Kari Ramirez said. “However, we believe there may be a large number of accounts involved.” The site has not identified who is behind the hack, but is working on tracking down those responsible.
According to CNN, the cyber attackers absconded with eBay employee log-in credentials and managed to penetrate into the site’s databases that housed millions of pieces of personal information. Once inside the corporate network, the hackers quietly downloaded and made off with an extensive haul of personal information. Two weeks ago, the company discovered the breach, and a forensic investigation into its computer systems showed the extent of the threat.
Explains CNN Money:
The good news for eBay customers is that the passwords were encrypted with a technique known as hashing, which turns text into irreversible jumbled code. And they were "salted" with an added random digit or two. Also, eBay's password requirements are ranked slightly better than average by password manager Dashlane. That'll make them even harder to decrypt.
But that's not the point. The real danger here is in the fallout of such a major data breach. Hackers now know where you live. They can call you. Expect to receive fake deals and offers. Beware of getting duped into revealing even more sensitive information, like your bank details or Social Security number.
According to a press release by eBay this week, after conducting extensive tests on its networks, the company said it has “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”
Ebay has said that emails are going out to all registered users with the above information, and is urging all members to immediately change their passwords. According to eBay, the company has not, as of yet, seen any indication of increased fraudulent account activity on their user’s listings and or eBay stores.